ExtraHop and Splunk Provide Pervasive Threat Visibility with Real-Time, Context-Aware Monitoring of IT Environments

Real-Time Auditing and Anomaly Detection Across Tiers Enables IT Teams to Mitigate Risk, Ensure Internal and Regulatory Compliance


LAS VEGAS, NV -- Splunk .conf2013 -- September 30, 2013 -- ExtraHop, the global leader in real-time wire-data analytics for IT operational intelligence, today announced pervasive, context-aware monitoring for compliance and security. The ExtraHop compliance and security solution provides correlated, cross-tier visibility and anomaly detection that complements intrusion prevention (IPS), intrusion detection (IDS), and Security Information and Event Management (SIEM) systems.

The new solution is extensible and demonstrates the programmability and ease of ExtraHop integration with security platforms. In addition, ExtraHop's integration with Splunk® Enterprise delivers real-time, security-related wire data to Splunk as machine data for in-depth visualization, enabling IT, compliance, and security teams to pinpoint the system, application, or infrastructure element in which a security event is occurring without deploying agents or relying on offline packet capture. ExtraHop will be demonstrating the compliance and security solution at Splunk .conf2013 in Las Vegas from September 30 to October 3, 2013. ExtraHop will be in booth #G2.

"Part of the answer to the seemingly insurmountable problem of how to identify attacks without signature-based mechanisms lies in pervasive monitoring to identify meaningful deviations from normal behavior to infer malicious intent. If you assume systems will be compromised with advanced targeted threats, then information security efforts need to shift to detailed, pervasive and context-aware monitoring to detect these threats," wrote Neil MacDonald, VP & Gartner Fellow, in his May 2013 report titled Prevention Is Futile in 2020: Protect Information Via Pervasive Monitoring and Collective Intelligence.

The ExtraHop compliance and security solution delivers continuous, real-time auditing and anomaly detection across the entire application delivery chain, analyzing all wire data, including encrypted traffic, to deliver visibility and intelligence that mitigates risk and helps ensure compliance with both internal policies and regulations such as HIPAA, PCI DSS, and SOX.

  • Encryption auditing identifies all SSL transactions and certificates used by servers and clients, including those using weak keys and cipher suites, and tracks certificates that are about to expire for proactive remediation. Encryption auditing makes it easier to prove that all sensitive data is actually being encrypted in flight and that keys and ciphers are the correct strength.
  • Monitoring for locked-down virtual desktop environments enables users to track all Citrix ICA communications and provides continuous monitoring of any data passing over protected channels, with per-user and per-client details so that IT teams can identify users violating policy. For example, ExtraHop continuously monitors VDI channels such as print and USB, and it sends an alert if any of these channels becomes active on an unauthorized machine.
  • Storage access monitoring analyzes networked storage activity, enabling users to continuously monitor SAN or NAS environments and break out client IP, username, file path, filename, and frequency to proactively identify unauthorized users attempting to gain access to secured systems. This capability provides context to ensure sensitive customer or patient protections are being enforced and a means to prove it.
  • Brute-force authentication alerting detects both high-intensity (burst) and low-and-slow attacks by analyzing LDAP traffic in real time, tracking the rate of failed bind attempts per user alongside each user's historical failure count, and alerting when either exceeds its threshold.
  • Surreptitious tunneling over DNS is a common method that infected or compromised machines use to communicate with external controllers. With ExtraHop acting as a sentinel, this activity is continuously monitored by breaking out DNS queries by record type and comparing the volume of irregular TXT-record lookups against a client's normal A-record traffic, raising a red flag so that potential data leakage can be mitigated.
  • Superuser account tracking enables users to monitor all superuser logins with per-client and per-server IP details, providing alerts and visibility into who is accessing an application or database so that security administrators can quickly take action.

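To make the two detection ideas in the list above concrete, here is an added example that is not ExtraHop or Splunk code: a small Python script that applies the brute-force authentication check (burst and low-and-slow failure counting per user) and the DNS tunneling check (TXT share versus A-record traffic per client) to constructed sample records standing in for wire-data events. The field layout of the records, the client and user names, and every threshold (5 failures in 60 seconds, 10 failures in 24 hours, 30% TXT share over at least 10 queries) are assumptions chosen for illustration, not values from ExtraHop's product.

```python
"""Added example: two wire-data anomaly checks over constructed sample events.
Not ExtraHop or Splunk code; thresholds and record layouts are assumptions."""
from collections import defaultdict, deque

# --- Constructed sample data (not captured from any real network) ---------
# LDAP bind results as seen on the wire: (time_seconds, user, client_ip, ok)
LDAP_BINDS = [
    # burst: six failures for one service account within 20 seconds
    *[(t, "svc-backup", "10.0.0.9", False) for t in range(100, 124, 4)],
    # low-and-slow: one failure every 30 minutes for six hours
    *[(1800 * k, "jdoe", "10.0.0.23", False) for k in range(1, 13)],
    # benign: a mistyped password followed by a successful bind
    (200, "asmith", "10.0.0.5", False),
    (205, "asmith", "10.0.0.5", True),
]

# DNS queries as seen on the wire: (client_ip, record_type, query_name)
DNS_QUERIES = [
    *[("10.0.0.5", "A", f"www.example{i}.com") for i in range(20)],
    ("10.0.0.5", "TXT", "_dmarc.example.com"),          # legitimate TXT lookup
    # suspect: mostly TXT lookups with long, data-like leftmost labels
    *[("10.0.0.77", "TXT", f"{'ab' * 20}{i}.tun.example.net") for i in range(15)],
    *[("10.0.0.77", "A", "www.example.com") for _ in range(5)],
]


def brute_force_alerts(binds, burst_n=5, burst_window=60,
                       slow_n=10, slow_window=24 * 3600):
    """Return {user: {reasons}} for users whose failed binds trip a threshold.

    'burst' fires when burst_n failures land inside burst_window seconds;
    'low-and-slow' fires when slow_n failures accumulate inside slow_window,
    which catches attempts spaced out to stay under a simple rate limit.
    """
    recent = defaultdict(deque)    # user -> failure times inside burst window
    history = defaultdict(deque)   # user -> failure times inside slow window
    alerts = defaultdict(set)
    for t, user, _client, ok in sorted(binds):   # process in time order
        if ok:
            continue
        for q, window in ((recent[user], burst_window), (history[user], slow_window)):
            q.append(t)
            while q and t - q[0] > window:       # drop failures that aged out
                q.popleft()
        if len(recent[user]) >= burst_n:
            alerts[user].add("burst")
        if len(history[user]) >= slow_n:
            alerts[user].add("low-and-slow")
    return dict(alerts)


def dns_tunnel_suspects(queries, min_queries=10, txt_share=0.3, long_label=40):
    """Return {client_ip: evidence} for clients whose TXT share is abnormal.

    Queries are broken out by record type per client; a client whose TXT
    lookups make up txt_share or more of its traffic is flagged, and the
    number of TXT queries with a long leftmost label (typical of encoded
    data) is reported as supporting evidence.
    """
    by_client = defaultdict(lambda: {"A": 0, "TXT": 0, "other": 0, "long_txt": 0})
    for client, rtype, qname in queries:
        stats = by_client[client]
        stats[rtype if rtype in ("A", "TXT") else "other"] += 1
        if rtype == "TXT" and len(qname.split(".")[0]) >= long_label:
            stats["long_txt"] += 1
    suspects = {}
    for client, s in by_client.items():
        total = s["A"] + s["TXT"] + s["other"]
        if total < min_queries:                  # too little data to judge
            continue
        share = s["TXT"] / total
        if share >= txt_share:
            suspects[client] = {"txt_share": round(share, 2), "long_txt": s["long_txt"]}
    return suspects


if __name__ == "__main__":
    print("brute force:", brute_force_alerts(LDAP_BINDS))
    print("dns tunneling:", dns_tunnel_suspects(DNS_QUERIES))
```

Run as written, the script flags "svc-backup" for the burst and "jdoe" for the low-and-slow pattern while leaving "asmith" alone, and flags 10.0.0.77 (75% TXT, 15 long labels) while the client doing a single legitimate _dmarc lookup is not reported. The minimum-query floor matters in practice: without it a client that issues one TXT query and nothing else would show a 100% TXT share.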
"As security threats, including zero-day attacks that exploit previously unknown vulnerabilities, become increasingly varied and sophisticated, real-time monitoring across all components of the application delivery chain is becoming a crucial first line of defense," said Jesse Rothstein, CEO, ExtraHop. "With the ExtraHop compliance and security solution and our integration with Splunk Enterprise, enterprise security teams are armed with a highly scalable solution designed to detect potential security events as they happen. With Splunk Enterprise, these anomalies can be easily visualized, enabling organizations to pinpoint the source before a serious breach occurs and prove that they have had adequate controls in place."

"As the volume of data continues to grow and the sophistication of malicious activity increases, the ability to monitor and proactively identify potential threats has become mission critical for enterprises," said Bill Gaylord, senior vice president of business development at Splunk. "Given the complexity in today's IT environment, all data is security relevant. Splunk is at the forefront of this approach with a security intelligence platform that collects, monitors, analyzes and visualizes machine data at enterprise-scale. Adding wire data from ExtraHop as a critical new data source delivers real-time intelligence and a deeper, data-driven view of security events."

For more information about ExtraHop, visit us at .conf2013 booth #G2. To get started, request your free, perpetually licensed virtual appliance for real-time monitoring.

To learn more about the Splunk .conf2013 user conference and to register, please visit: http://conf.splunk.com/. The hashtag for .conf2013 is #splunkconf.

About Splunk Inc.
Splunk Inc. (NASDAQ: SPLK) provides the engine for machine data™. Splunk® software collects, indexes and harnesses the machine-generated big data coming from the websites, applications, servers, networks, sensors and mobile devices that power business. Splunk software enables organizations to monitor, search, analyze, visualize and act on massive streams of real-time and historical machine data. More than 6,000 enterprises, universities, government agencies and service providers in over 90 countries use Splunk Enterprise to gain Operational Intelligence that deepens business and customer understanding, improves service and uptime, reduces cost and mitigates cybersecurity risk. Splunk Storm®, a cloud-based subscription service, is used by organizations developing and running applications in the cloud.

To learn more, please visit www.splunk.com/company.

Splunk, Splunk>, Splunk Storm, Listen to Your Data, SPL and The Engine for Machine Data are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.

About ExtraHop

ExtraHop is the cybersecurity partner enterprises trust to reveal the unknown and unmask the attack. The company’s Reveal(x) 360 platform is the only network detection and response platform that delivers the 360-degree visibility needed to uncover the cybertruth. When organizations have full network transparency with ExtraHop, they see more, know more, and stop more cyberattacks. Learn more at www.extrahop.com

© 2023 ExtraHop Networks, Inc. Reveal(x), Reveal(x) 360, Reveal(x) Enterprise, and ExtraHop are trademarks of ExtraHop Networks, Inc.

Press Contact